WO2002037680A1 - Appareil de commutation de securite electronique - Google Patents

Appareil de commutation de securite electronique Download PDF

Info

Publication number
WO2002037680A1
WO2002037680A1 PCT/EP2001/011436 EP0111436W WO0237680A1 WO 2002037680 A1 WO2002037680 A1 WO 2002037680A1 EP 0111436 W EP0111436 W EP 0111436W WO 0237680 A1 WO0237680 A1 WO 0237680A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal processing
switching device
safety switching
processing channel
electronic safety
Prior art date
Application number
PCT/EP2001/011436
Other languages
German (de)
English (en)
Inventor
Roland Rupp
Hans Schwenkel
Original Assignee
Pilz Gmbh & Co.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pilz Gmbh & Co. filed Critical Pilz Gmbh & Co.
Priority to EP01982393A priority Critical patent/EP1330876B1/fr
Priority to AU2002213992A priority patent/AU2002213992A1/en
Priority to JP2002540311A priority patent/JP4155822B2/ja
Priority to DE50102016T priority patent/DE50102016D1/de
Priority to AT01982393T priority patent/ATE264572T1/de
Publication of WO2002037680A1 publication Critical patent/WO2002037680A1/fr
Priority to US10/414,795 priority patent/US6784571B2/en

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B9/00Safety arrangements
    • G05B9/02Safety arrangements electric
    • G05B9/03Safety arrangements electric with multiple-channel loop, i.e. redundant control systems
    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03KPULSE TECHNIQUE
    • H03K19/00Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
    • H03K19/007Fail-safe circuits
    • H03K19/0075Fail-safe circuits by using two redundant chains

Definitions

  • the present invention relates to an electronic safety switching device with at least a first and a second signal processing channel, to which input signals can be supplied for signal processing and which provide processed output signals, the first and second signal processing channels processing the supplied input signals redundantly to one another, and the first and second signal processing channels are each built using integrated semiconductor structures.
  • a safety switching device is known due to its use.
  • Safety switching devices of the type mentioned at the outset are used primarily in the industrial sector in order to carry out shutdown processes on machines and systems in a fail-safe manner.
  • "fail-safe” means that the switching device at least fulfills safety category 3 of the European standard EN 954-1.
  • devices of this type are used in response to the actuation of an emergency stop button or the opening of a protective door to shut down a machine system, such as, for example, a press or an independently operating robot, or otherwise convert it to a safe state.
  • a machine system such as, for example, a press or an independently operating robot, or otherwise convert it to a safe state.
  • To carry out maintenance or repair work it is generally necessary to switch off a machine or machine system at least partially in a fail-safe manner.
  • safety switching devices may therefore only be used in the industrial sector after they have been approved by a competent supervisory authority, for example professional associations or the TÜV.
  • a frequently practiced procedure for the approval of safety switchgear by the responsible supervisory authorities is that the designer or manufacturer of the safety switchgear has to present a detailed and detailed error analysis, in which every conceivable error is recorded. It must be proven that the safety switching device can reliably bring about a safe state for people even if the respective fault occurs. Such a consideration is very complex, in particular in the case of complex safety switching devices with numerous functions, which has an adverse effect on the costs of development and production. In addition, this error analysis must be repeated even with minor changes to the structure or structure of the safety switching device, since, for example, new error sources can be generated solely by a spatially different arrangement of components that are in themselves identical.
  • the first and the second signal processing channel are arranged monolithically on a common half 'a semiconductor substrate, wherein the semiconductor structures of each signal processing channel are spatially separated by a multiple of their width of the semiconductor structures of every other signal processing channel.
  • a safety switching device in which the mutually redundant signal processing channels are for the first time arranged together in a semiconductor chip. It is not excluded that each of the signal processing channels is additionally supplemented with the help of external components, for example for setting time constants, depending on the type and functionality of the safety switching device. However, the fewer additional external components are required, the greater the advantages of the invention.
  • the entire structure of the safety switching device can be defined in a form that can no longer be changed later in the construction and development of the semiconductor chip.
  • the error assessment required for approval by the regulatory authorities only has to be carried out once, namely during the development of the semiconductor chip.
  • Subsequent checks can be limited to checking the compliance with the specifications specified during the development of the semiconductor chip, in particular the compliance with the intended spatial dimensions and the materials used. Such checks can be essential be carried out more easily than the complex error considerations.
  • the measure according to the invention has the advantage that, due to the immutability of the semiconductor chip, certain causes of error can be reliably ruled out from the outset. For example, when considering a fault, a short circuit between two conductor tracks on the semiconductor substrate can be ruled out if the two conductor tracks keep a sufficient distance from one another. In contrast, a short circuit could occur during operation between two conductor cables, which are insulated from one another in a manner known per se, by a mechanical pinch.
  • the measure according to the invention has the advantage that a semiconductor chip can be introduced into a dustproof housing in a manner known per se and using proven manufacturing processes, which considerably minimizes the causes of faults due to industrial contamination. Such causes of errors can therefore also be excluded from the error analysis to be carried out.
  • the safety switching device according to the invention can be manufactured very efficiently in very large quantities, without creating additional causes of error.
  • the safety switching device according to the invention can be miniaturized to a very great extent on the basis of the proposed measure, which considerably increases the range of use and the possible uses.
  • the first and the second signal processing channel each have at least one communication interface for mutual internal data exchange.
  • the redundant signal processing channels externally, i.e. outside of the semiconductor substrate, for mutual data exchange.
  • the preferred measure has the advantage that the error analysis for mutual data exchange also only has to be carried out once during the development of the semiconductor chip.
  • the internal data exchange is faster and free of disturbing environmental influences.
  • the communication interface parts of the first and second signal processing channels are connected to one another via at least two spatially separate connecting lines.
  • the connecting lines are spatially spaced from one another by a multiple of their width.
  • the connecting lines are designed to be non-reactive.
  • each connecting line contains a non-reactive driver stage. Due to this measure, a particularly good decoupling of the redundant signal processing channels is achieved, whereby the risk of a total failure of the safety switching device according to the invention is again considerably reduced.
  • each of the signal processing channels has its own supply connections, which are spatially separated from the supply connections of the other signal processing channels.
  • each signal processing channel form a spatial group which is spaced as a whole from each spatial group of every other signal processing channel.
  • the redundant signal processing channels on the semiconductor substrate each have their own spatial area.
  • Conceptually dividing lines can be drawn between the spatial areas.
  • the measure has the advantage that the individual signal processing channels are spatially optimally decoupled from one another, which enables a very high degree of independence.
  • the error analysis and the development of the semiconductor chip are noticeably simplified.
  • a safety switching device according to the invention is designated in its entirety by reference number 10.
  • the safety switching device 10 has a first signal processing channel 12 and a second signal processing channel 14, which are designed redundantly to one another.
  • the two signal processing channels 12, 14 are arranged on a common semiconductor substrate 16.
  • the safety switching device 10 is thus completely implemented in a semiconductor chip.
  • the semiconductor chip is cast in a dust-tight housing in a manner known per se (not shown here) and thus protected against dirt and other environmental influences.
  • Each signal processing channel 12, 14 contains a multiplicity of semiconductor structures 18 or 20, which are connected to one another on the semiconductor substrate 16 in a manner known per se by conductor tracks 22.
  • the semiconductor structures 18, 20 are structures in the semiconductor substrate 16 produced by doping, which form functional islands due to their spatial arrangement.
  • the functional islands in turn form electronic components, such as transistors, diodes or capacitors, in a manner known per se.
  • the interconnection of these components with the aid of the conductor tracks 22 creates an electronic circuit which forms the individual signal processing channels 12, 14.
  • Reference numerals 24 and 26 respectively denote a communication interface via which the two signal processing channels 12, 14 mutually communicate internal data. can carry out an exchange.
  • the communication interfaces 24, 26 contain individual driver stages 28 which enable data to be transmitted without feedback.
  • the data is transmitted via on-chip connecting lines 30, 32.
  • the spatial distance D : between two adjacent connecting lines 30, 32 is a multiple of the width B x of each connecting line.
  • the distance D x is 2, 3, 5, or even 10 times the width B ⁇ .
  • the distance O ⁇ is therefore preferably chosen to be more than 3 times the width B x .
  • Reference numbers 38, 40 denote output signals which are provided by the signal processing channels 12 and 14 on the basis of the signal processing. Even the starting In the present exemplary embodiment, signals 38, 40 are accessible via spatially separated connections, which results in a great independence of the signal processing channels 12, 14. In a corresponding manner, each of the signal processing channels 12, 14 in the exemplary embodiment shown here also has its own supply connections 42 and 44 for the energy supply.
  • the individual semiconductor structures 18 of the first signal processing channel 12 are arranged at a distance D 2 from the semiconductor structures 20 of the second signal processing channel 14, the distance D 2 being a multiple of the width B 2 of each semiconductor structure 18.
  • the distance D 2 is a multiple of the width B 3 of each semiconductor structure 20 of the second signal processing channel 14.
  • the semiconductor structures 18, 20 are shown in the same figure for the sake of simplicity, but this is not the case in practice is absolutely necessary. It is understood that the distance D 2 in this case is then a multiple of the maximum width of the individual semiconductor structures 18 or 20. It is again the case that the reliability and the separation of the redundant signal processing channels 12, 14 is ensured the more reliably the larger the ratio of the distance D 2 is the width of the respective semiconductor structures 18, 20.
  • the safety switching device according to the invention can also have three or even more redundant signal processing channels 12, 14.
  • each of the signal processing channels is appropriately spaced from each other.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Semiconductor Integrated Circuits (AREA)
  • Electronic Switches (AREA)
  • Safety Devices In Control Systems (AREA)
  • Lock And Its Accessories (AREA)
  • Logic Circuits (AREA)
  • Air Bags (AREA)
  • Cookers (AREA)

Abstract

La présente invention concerne un appareil de commutation de sécurité électronique (10) comportant au moins un premier (12) et un deuxième (14) canal de traitement de signal pouvant recevoir des signaux d'entrée (34, 36) pour le traitement de signal. Lesdits canaux de traitement de signal (12, 14) fournissent pour leur part des signaux de sortie traités (38, 40). Le premier (12) et le deuxième (14) canal de traitement de signal traitent les signaux d'entrée reçus (34, 36) de manière redondante l'un par rapport à l'autre. Par ailleurs, le premier (12) et le deuxième (14) canal de traitement de signal comportent des structures à semi-conducteurs intégrées (18, 20). La présente invention est caractérisée en ce que le premier (12) et le deuxième (14) canal de traitement de signal sont logés de manière monolithique sur un substrat à semi-conducteurs commun (16), les structures à semi-conducteurs (18, 20) de chaque canal de traitement de signal (12, 14) étant espacées spatialement d'un multiple de leur largeur (B2, B3) par rapport aux structures à semi-conducteurs (20, 18) de chaque autre canal de traitement de signal (14, 12).
PCT/EP2001/011436 2000-10-30 2001-10-04 Appareil de commutation de securite electronique WO2002037680A1 (fr)

Priority Applications (6)

Application Number Priority Date Filing Date Title
EP01982393A EP1330876B1 (fr) 2000-10-30 2001-10-04 Appareil de commutation de securite electronique
AU2002213992A AU2002213992A1 (en) 2000-10-30 2001-10-04 Electronic safety switching device
JP2002540311A JP4155822B2 (ja) 2000-10-30 2001-10-04 電子安全切替装置
DE50102016T DE50102016D1 (de) 2000-10-30 2001-10-04 Elektronisches sicherheitsschaltgerät
AT01982393T ATE264572T1 (de) 2000-10-30 2001-10-04 Elektronisches sicherheitsschaltgerät
US10/414,795 US6784571B2 (en) 2000-10-30 2003-04-16 Electronic safety switching device and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10053820.7 2000-10-30
DE10053820A DE10053820A1 (de) 2000-10-30 2000-10-30 Elektronisches Sicherheitsschaltgerät

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/414,795 Continuation US6784571B2 (en) 2000-10-30 2003-04-16 Electronic safety switching device and method

Publications (1)

Publication Number Publication Date
WO2002037680A1 true WO2002037680A1 (fr) 2002-05-10

Family

ID=7661591

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2001/011436 WO2002037680A1 (fr) 2000-10-30 2001-10-04 Appareil de commutation de securite electronique

Country Status (7)

Country Link
US (1) US6784571B2 (fr)
EP (1) EP1330876B1 (fr)
JP (1) JP4155822B2 (fr)
AT (1) ATE264572T1 (fr)
AU (1) AU2002213992A1 (fr)
DE (2) DE10053820A1 (fr)
WO (1) WO2002037680A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007508179A (ja) * 2003-10-08 2007-04-05 コンティネンタル・テーベス・アクチエンゲゼルシヤフト・ウント・コンパニー・オッフェネ・ハンデルスゲゼルシヤフト 安全限界制御用の組み込まれたマイクロプロセッサシステム

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005096465A1 (fr) * 2004-04-01 2005-10-13 System Consult Pty Ltd Module de commutation de securite
US7453677B2 (en) * 2004-10-06 2008-11-18 Teknic, Inc. Power and safety control hub
DE102015101023A1 (de) 2015-01-23 2016-07-28 Pilz Gmbh & Co. Kg Elektronisches Sicherheitsschaltgerät
DE102016117821A1 (de) * 2016-09-21 2018-03-22 Pilz Gmbh & Co. Kg Sicherheitsschaltung zum fehlersicheren Abschalten einer gefahrbringenden technischen Anlage
JP6962795B2 (ja) * 2017-11-22 2021-11-05 ルネサスエレクトロニクス株式会社 半導体装置および半導体システム

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4122016A1 (de) * 1991-07-03 1993-01-21 Hella Kg Hueck & Co Antiblockierregelsystem
DE19716197A1 (de) * 1997-04-18 1998-10-22 Itt Mfg Enterprises Inc Mikroprozessorsystem für sicherheitskritische Regelungen

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4341082A1 (de) 1993-12-02 1995-06-08 Teves Gmbh Alfred Schaltungsanordnung für sicherheitskritische Regelungssysteme
DE19529434B4 (de) 1995-08-10 2009-09-17 Continental Teves Ag & Co. Ohg Microprozessorsystem für sicherheitskritische Regelungen
DE19707241C2 (de) 1997-02-25 2000-05-31 Pilz Gmbh & Co Modulares Sicherheitsschaltgerät

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4122016A1 (de) * 1991-07-03 1993-01-21 Hella Kg Hueck & Co Antiblockierregelsystem
DE19716197A1 (de) * 1997-04-18 1998-10-22 Itt Mfg Enterprises Inc Mikroprozessorsystem für sicherheitskritische Regelungen

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DATABASE WPI Section PQ Week 199304, Derwent World Patents Index; Class Q18, AN 1993-027835 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007508179A (ja) * 2003-10-08 2007-04-05 コンティネンタル・テーベス・アクチエンゲゼルシヤフト・ウント・コンパニー・オッフェネ・ハンデルスゲゼルシヤフト 安全限界制御用の組み込まれたマイクロプロセッサシステム
JP4768617B2 (ja) * 2003-10-08 2011-09-07 コンティネンタル・テーベス・アクチエンゲゼルシヤフト・ウント・コンパニー・オッフェネ・ハンデルスゲゼルシヤフト 安全限界制御用の組み込まれたマイクロプロセッサシステム
KR101230689B1 (ko) * 2003-10-08 2013-02-07 콘티넨탈 테베스 아게 운트 코. 오하게 안전-임계 조정을 위한 집적 마이크로프로세서 시스템

Also Published As

Publication number Publication date
US6784571B2 (en) 2004-08-31
US20030178961A1 (en) 2003-09-25
JP2004513556A (ja) 2004-04-30
DE10053820A1 (de) 2002-05-29
EP1330876B1 (fr) 2004-04-14
ATE264572T1 (de) 2004-04-15
EP1330876A1 (fr) 2003-07-30
AU2002213992A1 (en) 2002-05-15
DE50102016D1 (de) 2004-05-19
JP4155822B2 (ja) 2008-09-24

Similar Documents

Publication Publication Date Title
EP0742499B1 (fr) Traitement fiable de signaux orientés sûreté
DE19707241C2 (de) Modulares Sicherheitsschaltgerät
EP0082859B1 (fr) Systeme regulateur antiblocage
EP0275992A2 (fr) Parc machine avec plusieurs mobiles
EP1589386A1 (fr) Système de commande de processus
WO2008055701A1 (fr) Dispositif à commutateur de sécurité
WO2016116514A1 (fr) Appareil de commutation de sécurité électronique
EP1748299B1 (fr) Circuit électronique, système avec un circuit électronique et procédé pour tester un circuit électronique
WO2007076939A2 (fr) Dispositif pour commander au moins une machine
WO2002037680A1 (fr) Appareil de commutation de securite electronique
DE2651314C2 (de) Sicherheits-Ausgabeschaltung für eine Binärsignale abgebende Datenverarbeitungsanlage
EP1202313A1 (fr) Dispositif de sécurité pour surveiller la position des pièces de contact mécanique
EP0996060A2 (fr) Système à processeur unique
DE19813389C2 (de) Sicherheitsgerichtete Ansteuerschaltung
EP1128241B1 (fr) Procédé et dispositif de surveillance d' un dispositif de commande
EP1364459B1 (fr) Dispositif de commutation de securite
DE3522220A1 (de) Anordnung zur ausgabe von steuersignalen an stellelemente eines prozesses
EP2433184B1 (fr) Système de commande permettant de commander un processus
DE102007056519B4 (de) Auswerteeinheit und Sicherheitsschaltgerät
EP1231121A2 (fr) Dispositif de commande de la force de freinage
DE102004051130A1 (de) Verfahren und Automatisierungssystem zum Bedienen und/oder Beobachten mindestens eines Feldgerätes
EP1364319B1 (fr) Procede permettant de separer des systemes redondants lors de la conception de circuits de commutation specifiques aux besoins du client
EP1282859B1 (fr) Composant peripherique ayant un degre de protection eleve contre les erreurs, destine a des dispositfs de commande a memoire programmable
EP1447830B1 (fr) Dispositif de commutation pour le codage de différents états
WO2000060623A1 (fr) Circuiterie dotee d'une fonction de securite

Legal Events

Date Code Title Description
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 10414795

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2002540311

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2001982393

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001982393

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWG Wipo information: grant in national office

Ref document number: 2001982393

Country of ref document: EP